lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 8 Nov 2017 14:22:47 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Jon Maloy <jon.maloy@...csson.com>
Cc:     syzbot 
        <bot+0cea668556ca5b811dc9725d82edbd87fea4defb@...kaller.appspotmail.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
        "tipc-discussion@...ts.sourceforge.net" 
        <tipc-discussion@...ts.sourceforge.net>,
        Ying Xue <ying.xue@...driver.com>
Subject: Re: syzbot:dup: general protection fault in __lock_acquire (2)

On Sun, Nov 5, 2017 at 3:34 PM, Jon Maloy <jon.maloy@...csson.com> wrote:
> The problem was already known, but the solution is non-trivial, and needs some more review and testing before I can submit it.
>
> ///Jon Maloy

Hi Jon,

Thank you very much for actually bothering to reply with the dup
command. But commands must be in email body, i.e.:

#syz dup: general protection fault in __lock_acquire (2)

I've updated the email template to clarify that it's meant to be email
body to avoid confusion in future:
https://github.com/google/syzkaller/commit/9547ae3a85db67e4d3abe9ee7782a41b782a7906

Please reply to the "general protection fault in __lock_acquire (2)"
report with the fix command once there is a fixing commit for this.
This will allow syzbot to understand when the commit reaches all of
its trees and report similarly looking bugs in future.

Thanks



>> -----Original Message-----
>> From: syzbot
>> [mailto:bot+0cea668556ca5b811dc9725d82edbd87fea4defb@...kaller.appsp
>> otmail.com]
>> Sent: Sunday, November 05, 2017 09:42
>> To: davem@...emloft.net; Jon Maloy <jon.maloy@...csson.com>; linux-
>> kernel@...r.kernel.org; netdev@...r.kernel.org; syzkaller-
>> bugs@...glegroups.com; tipc-discussion@...ts.sourceforge.net; Ying Xue
>> <ying.xue@...driver.com>
>> Subject: general protection fault in perf_trace_lock_acquire
>>
>> Hello,
>>
>> syzkaller hit the following crash on
>> 5a3517e009e979f21977d362212b7729c5165d92
>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>>
>>
>>
>>
>> R10: 0000000020ed7fe4 R11: 0000000000000212 R12: 00000000004b7550
>> R13: 00007f1a861ffb58 R14: 00000000004b7560 R15: 0000000000000000
>> Subscriber rejected, no memory
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer:
>>     (ftrace buffer empty)
>> Modules linked in:
>> CPU: 1 PID: 518 Comm: syz-executor4 Not tainted 4.14.0-rc7-next-20171103+
>> #38
>> Hardware name: Google Google Compute Engine/Google Compute Engine,
>> BIOS Google 01/01/2011
>> task: ffff8801c558a180 task.stack: ffff8801d9650000
>> RIP: 0010:perf_trace_lock_acquire+0xc0/0x980
>> include/trace/events/lock.h:13
>> RSP: 0018:ffff8801d9657668 EFLAGS: 00010002
>> RAX: 0000000000000007 RBX: 1ffff1003b2caed7 RCX: 0000000000000000
>> RDX: dffffc0000000000 RSI: 0000000000000020 RDI: ffffffff85f24de0
>> RBP: ffff8801d9657840 R08: 0000000000000000 R09: 0000000000000020
>> R10: dffffc0000000000 R11: ffffffff8154c3e0 R12: ffff8801d9657818
>> R13: 0000000000000000 R14: ffffffff85f24de0 R15: 0000000000000001
>> FS:  00007f1a86200700(0000) GS:ffff8801db300000(0000)
>> knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 00000000004d4a84 CR3: 00000001ce90c000 CR4: 00000000001406e0
>> DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call
>> Trace:
>>   trace_lock_acquire include/trace/events/lock.h:13 [inline]
>>   lock_acquire+0x394/0x580 kernel/locking/lockdep.c:4003
>>   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
>>   _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:174
>>   spin_lock_bh include/linux/spinlock.h:320 [inline]
>>   tipc_subscrb_subscrp_delete+0x8f/0x480 net/tipc/subscr.c:201
>>   tipc_subscrb_delete net/tipc/subscr.c:238 [inline]
>>   tipc_subscrb_release_cb+0x17/0x30 net/tipc/subscr.c:316
>>   tipc_close_conn+0x171/0x270 net/tipc/server.c:204
>>   tipc_topsrv_kern_subscr+0x724/0x810 net/tipc/server.c:514
>>   tipc_group_create+0x702/0x9c0 net/tipc/group.c:184
>>   tipc_sk_join net/tipc/socket.c:2747 [inline]
>>   tipc_setsockopt+0x249/0xc10 net/tipc/socket.c:2861
>>   SYSC_setsockopt net/socket.c:1851 [inline]
>>   SyS_setsockopt+0x189/0x360 net/socket.c:1830
>>   entry_SYSCALL_64_fastpath+0x1f/0xbe
>> RIP: 0033:0x452869
>> RSP: 002b:00007f1a861ffbe8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
>> RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452869
>> RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000014
>> RBP: 0000000000000086 R08: 000000000000001c R09: 0000000000000000
>> R10: 0000000020ed7fe4 R11: 0000000000000212 R12: 00000000004b7550
>> R13: 00007f1a861ffb58 R14: 00000000004b7560 R15: 0000000000000000
>> Code: c7 40 1c 00 f2 f2 f2 c7 40 20 f2 f2 f2 f2 c7 40 24 00 f2 f2 f2 c7 40
>> 28 f3 f3 f3 f3 48 8d 46 18 48 89 85 70 fe ff ff 48 c1 e8 03 <80> 3c 10 00 0f 85 da
>> 04 00 00 49 8b 79 18 48 85 ff 0f 84 62 04
>> RIP: perf_trace_lock_acquire+0xc0/0x980 include/trace/events/lock.h:13
>> RSP:
>> ffff8801d9657668
>> ---[ end trace 2fd434e3de3d34c0 ]---
>>
>>
>> ---
>> This bug is generated by a dumb bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for details.
>> Direct all questions to syzkaller@...glegroups.com.
>> Please credit me with: Reported-by: syzbot <syzkaller@...glegroups.com>
>>
>> syzbot will keep track of this bug report.
>> Once a fix for this bug is committed, please reply to this email with:
>> #syz fix: exact-commit-title
>> To mark this as a duplicate of another syzbot report, please reply with:
>> #syz dup: exact-subject-of-another-report If it's a one-off invalid bug report,
>> please reply with:
>> #syz invalid
>> Note: if the crash happens again, it will cause creation of a new bug report.
>> Note: all commands must start from beginning of the line.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/AM4PR07MB1714FB33E9D7CA86551E193D9A530%40AM4PR07MB1714.eurprd07.prod.outlook.com.
> For more options, visit https://groups.google.com/d/optout.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ